[Wylug-admin] Fwd: Removal from Google's index

Mark P. Conmy mpc at comp.leeds.ac.uk
Thu Jul 10 11:01:17 UTC 2008 

On Thu, 10 Jul 2008, Phil Driscoll wrote:
> On Thursday 10 Jul 2008, Mark P. Conmy wrote:
>> 
>> I have sanitised the more obvious nastiness in the database, but it's
>> nasty looking.  Do we know how it got in there?  Is this someone doing
>> it deliberately (in an ill-judged attempt to improve Google rankings) or
>> is the site compromised?
>
> I suspect that some bot has injected the junk either using a known
> vulnerability in Wordpress or via the normal Wordpress comment process.

That would be my guess too, but the fact that it was mixed in with
genuine content suggests either someone put it in deliberately _or_
modifications to the actual PHP (to append this) _or_ some backdoor that
modifies (rather than inserting) content.

Basically, four announcements had significant numbers of drug references
_appended_.  But, they had style "display:none" which means that while
they were in the source, they weren't visible.  Why?

>> As for updating wordpress, the version installed (for just this reason)
>> is locally installed and _not_ part of the OS install.  It was done that
>> way because I don't like PHP apps (they tend to have too many bugs) and
>> I wanted whoever ran the website to take responsibility.  This is
>> precisely the reason I told Dave not to use WordPress and that, if he
>> did, he'd have to take full responsibility for running it.
>>
>> So, who is taking responsibility for the site?  Seriously, it's not just
>> a case of a quick "shove something in here for now", I want to know who
>> is going to take full responsibility for the account and site and who is
>> going to respond positively (and immediately) to such problems.
>
> I appreciate that someone needs to take this on board. I can't speak
> for the group, but I'm pretty sure that by then end of the pub session
> after Monday's meeting we will have someone prepared to take on the
> responsibility.
>
> I'm afraid that the best I could offer today as a postive and
> immediate solution was my 'shove this in here for now' one.

Yes, but who takes _responsibility_?  If I do as you say, what if
someone else objects?  I want _one_ name or clear agreement on a number
of names.  And not just on one person's say-so.

If the University saw this discussion, we'd get shut down anyway.

Mark

More information about the Wylug-admin mailing list